* Write a FUSE-based mounter for SleuthKit, so that disk images can be forensically mounted using TSK.

* Rewrite '''sorter''' in C++ to make it faster and more flexible.

===Timeline Analysis===

Revision as of 12:45, 2 February 2011

Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is our list. Please feel free to add your own ideas.

Short-Term Engineering Projects

These projects would make a nice master's thesis or the start of a PhD.

Physical layer access to flash storage.

Gain access to the physical layer of an SD or USB flash storage device. This will require reverse-engineering the proprietary APIs or gaining access to proprietary information from the manufacturers. Use these APIs to demonstrate the feasibility of recovering residual data that has been overwritten at the logical layer but is still present at the physical layer.

SleuthKit Enhancements

SleuthKit is the popular open-source system for forensics and data recovery.

Carving

Create a method to detect NTFS-compressed cluster blocks on a disk (raw data stream). One approach is to write a generic signature that detects the beginning of NTFS-compressed file segments on a disk. Such a method would be useful for carving and for scanning for textual strings.
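
One possible starting point for such a signature, as an added example that is not part of the original wiki page: NTFS compression (LZNT1) stores data as chunks with a 2-byte little-endian header whose bits 12-14 are always 0b011, so a scanner can walk the header chain from each cluster boundary. The 4 KiB cluster size, the 16-chunk compression unit, the function names and the sample image are assumptions made for this sketch.

```python
import struct

CLUSTER = 4096      # assumed cluster size
UNIT_CHUNKS = 16    # assumed 64 KiB compression unit = 16 chunks of 4 KiB

def chunk_chain(buf, off):
    """Count consecutive plausible LZNT1 chunk headers starting at off."""
    count = 0
    while count < UNIT_CHUNKS and off + 2 <= len(buf):
        (hdr,) = struct.unpack_from("<H", buf, off)
        size = (hdr & 0x0FFF) + 1            # payload bytes after the header
        if hdr == 0 or (hdr >> 12) & 0x7 != 3:
            break                            # terminator, or signature bits != 0b011
        if off + 2 + size > len(buf):
            break                            # chunk would run past the image
        if hdr & 0x8000:
            # Compressed chunk: the first flag bit must mark a literal, since
            # a back-reference has nothing to point at when the chunk starts.
            if size < 2 or buf[off + 2] & 1:
                break
        elif size != 4096:
            break                            # raw chunks are stored as a full 4 KiB
        count += 1
        off += 2 + size
    return count

def scan(image, min_chunks=3):
    """Cluster-aligned offsets where a chain of >= min_chunks headers starts."""
    return [o for o in range(0, len(image), CLUSTER)
            if chunk_chain(image, o) >= min_chunks]

def _literal_chunk(data):
    """Constructed test input: a compressed chunk holding only literals."""
    body = b"".join(b"\x00" + data[i:i + 8] for i in range(0, len(data), 8))
    return struct.pack("<H", 0xB000 | (len(body) - 1)) + body

# Constructed sample image: empty cluster, one compressed run, plain text.
_run = (_literal_chunk(b"forensic carving") * 2
        + struct.pack("<H", 0x3FFF) + b"\xAA" * 4096 + b"\x00\x00")
SAMPLE = (bytes(CLUSTER) + _run + bytes(-len(_run) % CLUSTER)
          + b"01234567" * 512)

if __name__ == "__main__":
    print([hex(o) for o in scan(SAMPLE)])
```

A single header check matches random data often, so the chain length threshold (min_chunks) is what keeps false positives down; a full detector would also trial-decompress each candidate.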